adi-decision-engine

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes an external CLI tool to perform its core decision logic.
    • Evidence: In scripts/_runtime.py, the run_request_data function uses subprocess.run to execute the adi binary.
    • Context: The implementation is secure as it uses a hardcoded binary name, passes arguments as a list to prevent shell injection, and isolates data in temporary files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its natural language normalization process.
    • Ingestion points: scripts/normalize_problem.py and scripts/run_adi.py ingest untrusted user text from files or standard input.
    • Boundary markers: No explicit delimiters or instructions are used to separate user data from the processing logic during normalization.
    • Capability inventory: The skill can execute local binaries and generate formatted reports that influence subsequent agent actions.
    • Sanitization: Inputs are validated against a structured JSON schema in scripts/validate_request.py, which constrains the format of the processed data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 09:20 AM